Attack Simulator emails bypass mail flow rules


Is there any documentation for Attack Simulator emails bypassing mail flow rules?


We have a mailflow rule that marks and appends a disclaimer to all external emails coming in.  When using the Attack Simulator, emails are bypassed.

2 Replies
best response confirmed by Fixxser2 (Contributor)
That's by design, the whole idea is to see how the end users react to a bad email, not to test your hygiene configuration.
Look in Threat Explorer and you will see that the mails do not even arrive via the conventional delivery pipeline so do not appear there. They are simply written directly from the simulator to each recipient's Inbox. If you want your simulations to display your normal disclaimer for external mail, you will need to include your disclaimer block in the payload.